I've finished one application, but while developing haven't checked about sql injections and now at the end, i need to fix this little issue.
Here's my code, how could i on easiest way fix this to prevent sql injection (is there any function just to format my username, password parameters, not to change my code).
public function getArtistByUsernameByPassword($username, $password) {
$query = $this->db->query("SELECT * FROM artists WHERE username = '$username' AND password = ' $password'");
if ($query->num_rows() > 0) {
return $query->row_array();
}
return null;
}
Thanks in advance!
Aucun commentaire:
Enregistrer un commentaire